From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 58735C433F5 for ; Wed, 9 Feb 2022 12:08:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232440AbiBIMIT (ORCPT ); Wed, 9 Feb 2022 07:08:19 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48350 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232836AbiBIMGP (ORCPT ); Wed, 9 Feb 2022 07:06:15 -0500 Received: from isilmar-4.linta.de (isilmar-4.linta.de [136.243.71.142]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B95FDC076859; Wed, 9 Feb 2022 03:16:32 -0800 (PST) X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES X-isilmar-external: YES Received: from owl.dominikbrodowski.net (owl.brodo.linta [10.2.0.111]) by isilmar-4.linta.de (Postfix) with ESMTPSA id 74A4D201431; Wed, 9 Feb 2022 08:31:16 +0000 (UTC) Received: by owl.dominikbrodowski.net (Postfix, from userid 1000) id 5B8518065D; Wed, 9 Feb 2022 09:28:40 +0100 (CET) Date: Wed, 9 Feb 2022 09:28:40 +0100 From: Dominik Brodowski To: "Jason A. Donenfeld" Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, tytso@mit.edu, ebiggers@kernel.org, Eric Biggers Subject: Re: [PATCH v2 5/9] random: do not xor RDRAND when writing into /dev/random Message-ID: References: <20220209011919.493762-1-Jason@zx2c4.com> <20220209011919.493762-6-Jason@zx2c4.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220209011919.493762-6-Jason@zx2c4.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Am Wed, Feb 09, 2022 at 02:19:15AM +0100 schrieb Jason A. Donenfeld: > Continuing the reasoning of "random: ensure early RDSEED goes through > mixer on init", we don't want RDRAND interacting with anything without > going through the mixer function, as a backdoored CPU could presumably > cancel out data during an xor, which it'd have a harder time doing when > being forced through a cryptographic hash function. There's actually no > need at all to be calling RDRAND in write_pool(), because before we > extract from the pool, we always do so with 32 bytes of RDSEED hashed in > at that stage. Xoring at this stage is needless and introduces a minor > liability. Looks good generally, just one unrelated change slipped in: > bytes = min(count, sizeof(buf)); > - if (copy_from_user(&buf, p, bytes)) > + if (copy_from_user(buf, p, bytes)) > return -EFAULT; Otherwise: Reviewed-by: Dominik Brodowski Thanks, Dominik